'Here you have'... a virus

Posted by Emma Woollacott

A new email worm is landing in email inboxes worldwide, disabling the anti-virus software of the unwary.

Dubbed 'Here you Have', it's a new attack, with the first reported cases appearing yesterday. However, it's similar to classic old-school mass-mailing viruses like Nimda, Melissa and the Anna Kournikova virus from 2001.

Symantec says the worm disables many common anti-virus products.

It arrives as an email asking the recipient to open a link. However, the link points to a malicious program file disguised as a PDF hosted on the internet. When the user clicks on the link, the malicious file - W32.Imsolk.B@mm - is downloaded and launched. This installs the worm onto the victim’s computer and emails the original message to everyone in the infected user’s email address book.

There are two versions of the original message. One reads:

    Hello:
    Subject: Here you have
    This is The Document I told you about,you can find it Here.
    http://***url***/PDF_Document21.025542010.pdf
    Please check it and reply as soon as possible.
    Cheers,

The other, aimed at the less business-like, one presumes, reads:

    Hello:
    This is The Free Dowload Sex Movies,you can find it Here.
    http://***url***/SEX21.025542010.wmv
    Cheers,
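A mail gateway can test for this kind of disguise directly. The sketch below is an added example, not code from the article or from any vendor: it flags a link whose visible text names a different file type than its target, and a link that claims to be a PDF or WMV while the content begins with a Windows executable header. The `fetch_head` callable, the function names and the sample hosts are hypothetical, and the visible-text check assumes an HTML message body, which the article does not specify.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

LURE_TYPES = {"pdf", "wmv"}  # the two disguises quoted in the article

def url_extension(url):
    """Lower-case extension of the URL path without the dot, '' if none."""
    return posixpath.splitext(urlparse(url).path)[1].lstrip(".").lower()

def is_program(head):
    return head.startswith(b"MZ")  # Windows PE executables begin with "MZ"

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html_body, fetch_head):
    """Return (href, reason) for links that misrepresent their target.
    fetch_head (hypothetical) returns the first bytes behind a URL."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        shown = url_extension(text) if "://" in text else ""
        claimed = shown or url_extension(href)
        if shown and shown != url_extension(href):
            findings.append((href, "text-target-mismatch"))
        if claimed in LURE_TYPES and is_program(fetch_head(href)):
            findings.append((href, "program-behind-document-name"))
    return findings

# Constructed sample: a message body and the first bytes a sandboxed fetch returned.
SAMPLE_BODY = ('<a href="http://a.example/doc.exe">http://a.example/doc.pdf</a> '
               '<a href="http://b.example/clip.wmv">Here</a>')
SAMPLE_HEADS = {"http://a.example/doc.exe": b"MZ\x90\x00",
                "http://b.example/clip.wmv": b"MZ\x90\x00"}
if __name__ == "__main__": print(check_links(SAMPLE_BODY, SAMPLE_HEADS.get))
```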

"It looks like multiple variants may be spreading and may take some time to work through them all to paint a clearer picture," warns McAfee Labs.

The worm also attempts to spread over local networks such as intranets by copying itself to open drive shares found on other machines on the network. Once it has, it will be launched if a user even opens the folder that contains the threat on a new machine.

According to ABC News, the worm has hit many major organizations, including NASA, Disney, Comcast, Procter & Gamble - and ABC itself.